Privacy Pressure - InformationWeek
Business & Finance
07:38 PM

Privacy Pressure

Airlines and hotels face customer concerns arising from anti-terrorism efforts

The Transportation Security Administration said last week that it may force airlines to provide information on passengers to test a new counterterrorism program, raising hackles in an industry that's already facing lawsuits filed by passengers for having previously shared such data without their knowledge. The outcome of the dispute could set a precedent for how much data companies share with federal agencies in the name of national security.

The latest development involving the Computer Assisted Passenger Prescreening System II, or CAPPS II, shines a light on a growing concern among airlines and other travel-related companies that counterterrorism efforts increasingly involve requests for information about their customers.

"The airlines will not voluntarily turn over this data," says Doug Wills, VP of external affairs for the Air Transport Association, the trade organization for the major U.S. airlines. While the association supports the concept of CAPPS II, its members want more privacy guarantees before they supply data for any purpose.

David Stone, acting administrator for the TSA, told the House of Representatives' aviation subcommittee that the agency is prepared to propose a rule forcing airlines to hand over passenger data to test CAPPS II's security and privacy safeguards. A TSA spokeswoman says the administration wants to work closely with the airlines. "We really want to ensure that we have an open, transparent, acceptable process that includes interactive discussion on all the issues associated with CAPPS II," she says.

Nuala O'Connor Kelly -- Photo by David Deal

The government is as concerned about privacy as businesses are, Homeland Security's O'Connor Kelly says.

Photo of Nuala O'Connor Kelly by David Deal
Airlines and other businesses are caught between their duty and desire to help prevent terrorism and the need to maintain customer loyalty. Two airlines face pending class-action suits: JetBlue Airways, for giving a government contractor customer data to test an experimental Defense Department data-mining project; and Northwest Airlines, for giving similar data to NASA for an unspecified research test. Nuala O'Connor Kelly, chief privacy officer for the Department of Homeland Security, which oversees the TSA, last month concluded that the administration violated the spirit of federal privacy laws when it compelled JetBlue to provide its customer data to the federal contractor in 2002.

Stone testified that CAPPS II will flag fewer innocent passengers for security review. Under the current CAPPS system, airlines' reservation systems check passenger information against a government-supplied watch list. Putting the passenger-screening system and process in the federal government's hands would ensure a consistent approach, Stone said. The TSA also believes that consolidating the data would allow for more effective use of up-to-date intelligence information and make it easier to identify higher-risk flights and airports.

Passengers' identities would be authenticated by matching airlines' data against a TSA database maintained by a private-sector data aggregator such as LexisNexis or Acxiom Corp., then checked against a federal terrorism database and lists of individuals who have outstanding warrants for violent criminal acts. Precautions to protect privacy include installing private networks between the TSA and the airlines that would pass only encrypted data; requiring the data to pass through a multitier firewall before entering the TSA system; and implementing a 24-hour audit trail that documents all access to data, Stone said.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll